public inbox for linux-kernel@vger.kernel.org
From: Yosry Ahmed <yosry@kernel.org>
To: Sean Christopherson <seanjc@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	 Vitaly Kuznetsov <vkuznets@redhat.com>,
	David Woodhouse <dwmw2@infradead.org>,
	 Paul Durrant <paul@xen.org>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 01/11] KVM: SVM: Truncate INVLPGA address in compatibility mode
Date: Tue, 21 Apr 2026 23:26:37 +0000
Message-ID: <aegHqAQrNGtpAhwk@google.com>
In-Reply-To: <20260409235622.2052730-2-seanjc@google.com>

On Thu, Apr 09, 2026 at 04:56:12PM -0700, Sean Christopherson wrote:
> Check for full 64-bit mode, not just long mode, when truncating the
> virtual address as part of INVLPGA emulation.  Compatibility mode doesn't
> support 64-bit addressing.
> 
> Note, the FIXME still applies, e.g. if the guest deliberately targeted
> EAX while in 64-bit via an address size override.  That flaw isn't worth
> fixing as it would require decoding the code stream, which would open
> an entirely different can of worms, and in practice no sane guest would
> shove garbage into RAX[63:32] and execute INVLPGA.
> 
> Note #2, VMSAVE, VMLOAD, and VMRUN all suffer from the same architectural
> flaw of not providing the full linear address in a VMCB exit information
> field, because, quoting the APM verbatim:
> 
>   the linear address is available directly from the guest rAX register
> 
> (VMSAVE, VMLOAD, and VMRUN take a physical address, but their behavior
> with respect to rAX is otherwise identical).
> 
> Fixes: bc9eff67fc35 ("KVM: SVM: Use default rAX size for INVLPGA emulation")
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---

Reviewed-by: Yosry Ahmed <yosry@kernel.org>
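
The distinction the patch description draws, as an added illustration that is not KVM's code: a constructed `mode_state` with the two bits that decide the answer (EFER.LMA and CS.L), the pre-fix check that only truncates outside long mode, and the fixed check that truncates unless the guest is in full 64-bit mode. Names are hypothetical; the address-size-override FIXME mentioned above is intentionally left unhandled, as in the patch.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of the guest state that decides INVLPGA's address
 * size. Hypothetical struct, not KVM's vcpu layout. */
struct mode_state {
	bool efer_lma;	/* EFER.LMA: long mode active */
	bool cs_l;	/* CS.L: 64-bit code segment (meaningful only in long mode) */
};

/* Long mode active, whether the code segment is 64-bit or compatibility. */
static bool is_long_mode(const struct mode_state *s)
{
	return s->efer_lma;
}

/* Full 64-bit mode: long mode active AND CS.L set. Compatibility mode is
 * long mode with CS.L clear, and it does not support 64-bit addressing. */
static bool is_64_bit_mode(const struct mode_state *s)
{
	return s->efer_lma && s->cs_l;
}

/* Pre-fix variant: truncates only outside long mode, so a compatibility
 * mode guest with stale bits in RAX[63:32] yields a bogus 64-bit address. */
uint64_t invlpga_addr_buggy(const struct mode_state *s, uint64_t rax)
{
	return is_long_mode(s) ? rax : (uint32_t)rax;
}

/* Fixed variant: use the full register only in 64-bit mode; otherwise the
 * default address size is 32 bits, so keep EAX and drop RAX[63:32]. */
uint64_t invlpga_addr_fixed(const struct mode_state *s, uint64_t rax)
{
	return is_64_bit_mode(s) ? rax : (uint32_t)rax;
}
```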
